Postgres Core Team launches unprecedented attack against the Postgres Community

Monday, Sep 13, 2021| by Álvaro Hernández | Tags: postgresql

Postgres Core Team launches unprecedented attack against the Postgres Community

Being distributed is the key to the project’s resilience

One of the often cited advantages of the PostgreSQL project is its resiliency. Especially in the presence of rogue actors: being a distributed Community, it is hard to target any individual, group or entity and affect/disrupt the whole Community. Similarly, it is not possible to “buy PostgreSQL”, irrespective of how much money you have, since there’s no single entity, group or company that constitutes the whole project and thus could be acquired. PostgreSQL is a Distributed Community, and this is one of its core strengths.

But actually: Who is the PostgreSQL Community? Who develops PostgreSQL? The “PostgreSQL Global Development Group” (PGDG), which is an abstract term that covers developers and volunteers around the world that have contributed to PostgreSQL. Diving into the COPYRIGHT, we see that effectively for the period 1996-2021 it is assigned to the PGDG. The PostgreSQL Developer FAQ further clarifies that “contributors keeps their copyright […]. They simply consider themselves to be part of the PGDG". Copyright is also distributed, reinforcing the previous reasoning about PostgreSQL’s resiliency.

Intellectual Property (IP) protection for the project also requires adequate trademark protection. As of today there are three PostgreSQL Community Non-Profit Organizations (NPOs) that hold trademark registrations for the PostgreSQL project. And the three of them have made them public, open and free for anyone to use for the benefit of PostgreSQL: the PostgreSQL Association of Canada (PAC), PostgreSQL Europe (PEU) and Fundación PostgreSQL (FPG), though some of them introduced lately some restrictions to their use, as we shall see later.

There are several other variations of these trademarks related to Postgres products and Postgres company names, that are registered by their respective (for-profit) companies.

PostgreSQL trademark protection history

Trademark protection is a key part of any large project or company. Surprisingly, for such an important, large and old project (25+ years), trademark protection measures for it only began in 2018. Before May 2018, no “PostgreSQL” trademark was registered by the Community (with the sole exception of the region of Canada and some for-profit, company-related trademarks). This meant that trademark protection for the PostgreSQL Community was basically nonexistent.

Between 2018 and 2019, two PostgreSQL Community nonprofits registered the trademarks:

  • “PostgreSQL”, class 9, EU and US regions (PAC).
  • “PostgreSQL Conference”, class 41, EU region (PEU).

After these registrations, some trademark protection was gained for the Community. However, note that Class 41 applies to training, conferences, user groups, etc; and Class 9 is under the “goods” category. Thus, it only covers the PostgreSQL software as a good. In particular: “all computer programs and software regardless of recording media or means of dissemination, that is, software recorded on magnetic media or downloaded from a remote computer network". What about PostgreSQL Professional Services? What about Cloud Computing Services, such as PostgreSQL-as-a-Service? None were covered; that’s class 42.

In 2020, Fundación PostgreSQL registered the trademark “PostgreSQL”, on class 42, for both the EU and US; and “PostgreSQL Community” (same regions) on class 41. They weren’t registered, the project was unprotected! From this moment on, PostgreSQL Professional Services and PostgreSQL Cloud Services also started having protection from the Community.

The Postgres Core team becomes the enemy of its own Community

On July 20th, 2020 Fundación PostgreSQL received a formal post mail letter (dated July 6th) from an UK Law firm in representation of both the PostgreSQL Community Association of Canada and PostgreSQL Europe ("individually and collectively"). That letter asked Fundación PostgreSQL to “voluntarily surrender/withdraw all of the Fundación Marks in full by 20 July 2020". It also stated their client’s preference to “resolve matters on an amicable basis".

It was surprising, and definitely not “amicable”, since no other prior communication from PAC or PEU was received by any means, electronic or otherwise, directed to the Fundación or to any of its members. Even more surprising was the request itself: withdrawing a trademark would simply return it to an available status where anyone may then register it.

As the letter also informed, PAC holds the mark “PostgreSQL” and PEU holds “PostgreSQL Conference” for the EU. What was also surprising was that (a) the classes of each trademark were not specified in the letter (PAC trademark is under class 9 and PEU trademark is under class 41); and (b) the three trademarks were presented altogether, with no clarification as to which entity held which trademark.

The letter raises two fundamental questions:

  • If one of the main resilience strategies of the PostgreSQL Community is to have a distributed IP strategy, which protects it from being bought, why is one part of the Community legally threatening another part?.
  • Why are PAC and PEU acting together and coordinated? If PAC considers that “there is substantial scope for consumer/user confusion” and “that unfair advantage may be taken of", why is PAC legally threatening only Fundación PostgreSQL, and not also PEU? Why, conversely, PEU is also not sending an equivalent legal letter to PAC? Are they colluding?

Regarding the latter question, PAC and PEU are, legally, two absolutely unrelated (legal) entities. The only (non-legal) relationship among them is that PEU’s current President and Secretary are both members of PostgreSQL’s Core –Core does not have a legal entity so it “relies” on PAC for legally related matters. Furthermore, PEU’s Secretary and Core Member is also PAC’s Chairman. Another Core Member is also a member of PAC’s board.

Interlude: notes on PostgreSQL Europe

Conventional wisdom may lead us to believe that PostgreSQL Europe is “the official association for the PostgreSQL project in Europe”. That’s, however, not the case. There isn’t any official policy stating how a given non-profit may become the representative entity for the PostgreSQL project in any given geography. There is no legitimacy over PostgreSQL Europe’s “officiality”. PostgreSQL Europe is just one non-profit organization rooted in France. And it’s definitely not the only PostgreSQL non-profit rooted in the EU. Apparently, PostgreSQL Europe enjoys a legitimacy given by its name, which leads to confusion for the PostgreSQL project and an unfair privilege over other Community members.

Moreover, there may be concerns about whether PEU as a legal entity, an Association with open membership, is an appropriate holder for PostgreSQL Community’s trademarks. Let me elaborate: a General Assembly can be triggered by 25% of the members. The Board of Directors, and any General Assembly decisions, can be taken with a majority vote of 50% of the members, including dissolution of the association. Given that there are around 150 (public) active (voting) members, and that membership is open to anyone in Europe for just 10€, it is easy to calculate the small cost that would take a rogue actor to get new members into PEU, overtake it, and rule against the very same PostgreSQL Community.

Interlude II: notes on Fundación PostgreSQL

To mitigate any potential risks and ensure the best trademark protection for the PostgreSQL Community, at Fundación PostgreSQL we made the explicit determination to avoid the potential takeover problems of an open membership (voting members). However, Fundación PostgreSQL is completely open to end-users, collaborators, and anyone that may want to apply to become part of the Board ("Patronato"). Please reach out to us!

It’s also relevant to explain here that its legal form, a “Fundación” in Spain, was also deliberately chosen for these goals: a Fundación is a much more solid entity than an “Asociación” in Spain. The main differences are:

  • If they are dissolved, the assets of the Fundación must go to another non-profit Foundation. For an association, they could be split among the existing members.
  • Changes to the Statutes are permitted in both cases. But with Foundations, they need to be validated by the Ministry of Justice, and they can never deviate substantially from the initial will of the Founder(s), expressed in the initial Statutes. In other words: a PostgreSQL association may be turned into a cooking, or into an Oracle association; whereas Fundación PostgreSQL will always remain a PostgreSQL nonprofit, for the sole benefit of the PostgreSQL Community.

The Postgres Core team becomes the enemy of its own Community (II)

On July 23rd, three days after receiving the lawyer letter from PAC and PEU, Fundación wrote an email to both PAC and PEU Boards to enter an amicable conversation, over email, phone or otherwise. Also the two questions previously raised were asked to them. None of them were answered, and the request to enter an amicable conversation was denied. I separately contacted a Core member to have a phone conversation at a personal level. That Core member informed me that Core should be consulted on whether that conversation should take place. Despite his best efforts, that request was denied by Core’s majority, and thus no call could take place.

On July 27th, another letter from the same UK firm was received insisting on the request of the first letter, giving another deadline on August 3rd to surrender the trademarks, and threatening that after that date “invalidation/opposition proceedings may commence without further notice".

On August 20th, Fundación received another letter (a burofax in Spain), this time from a Spanish law firm, insisting on similar terms, with the addition of threats to claim “compensations for damages and losses”.

On October 6th, PAC and PEU, within 3 minutes apart, both filed formal oppositions to Fundación’s PostgreSQL trademark registration in Europe on EUIPO. This process is awaiting resolution from EUIPO.

On December 8th, 2020, updated its Trademark Policy page. There it explicitly mentions that “the terms Postgres and PostgreSQL and the Elephant Logo (Slonik) are all registered trademarks of the PostgreSQL Community Association of Canada".

On July 15th, 2021, Fundación PostgreSQL was sued in the courts of Madrid by PAC and PEU. A few days later, a proposal for negotiation was sent by them. Fundación PostgreSQL showed its best interest to negotiate, and sent their lawyers the following negotiation terms, quoted below in its entirety and verbatim:

  • Set up a NPO (Non-Profit Organization) that will hold all the IP and trademarks for the PostgreSQL project. This NPO should be a new one to start afresh, with proper Statutes agreed by the Community.
  • The NPO will have a General Assembly formed by elected representatives of all PostgreSQL stakeholders: developers, companies, non-profits, end-users, academia. The NPO should be modeled after successful, open, democratic and transparent models like that of the Linux or Apache Foundations.
  • The PostgreSQL Association of Canada; Postgres Europe; and Fundación PostgreSQL will transfer, permanently and irrevocably, all domain names, trademarks and other IP assets to the new NPO. New, clear and non discretionary rules will be established to allow fair use of the PostgreSQL trademarks by any stakeholder.
  • The PostgreSQL Core Team will become an Executive Board of the new NPO, and will end its current relationship with the PostgreSQL Association of Canada. The Core Team will report and be subject to the General Assembly. Core Team members will be elected and may be removed by the General Assembly. Other Executive Boards may be created, with different focus and attributions to that of the Core Team.
  • The Core Team will introduce measures to increase its equity and transparency. Among others, it will:
    • Write proper Statutes to clarify and frame its attributions.
    • Introduce time-limited terms for its members, and a maximum number of re-elections. Emeritus members may be appointed, in exceptional cases. They will be excluded from these limitations, but emeritus members will not have voting rights.
    • Make public all Core Team meeting minutes. Redaction may be applied to security or PII-related matters.
    • Every year, the Core Team will write and publish publicly an annual planning report, detailing the strategic lines and goals for the upcoming year. This report will also contain an evaluation of the previous year’s performance.

PAC and PEU did only respond today. This response does not address any of the proposed negotiated terms, and based on the facts presented on that post contains innumerable errors and omissions, including false facts. The post also contains language that addresses an individual instead of the whole institution, in what supposes an abuse of power and an attitude towards one individual that is allegedly in violation of Core Team’s Code of Conduct. It is not the first time this has been done, as the same individual harassment was performed over a previous email restricted to the committers mailing list. Both incidents have been brought to the Code of Conduct Committee and are awaiting resolution.

Final notes

To make it crystal clear, the trademarks registered by Fundación PostgreSQL are for the PostgreSQL Community. Our Trademarks page clearly explains that they have been registered to help “promote PostgreSQL and its Community, including but not limited to the software and tools ecosystem, its users, user groups (PUGs), regional and international events, contributors and non-profit and commercial entities providing goods and/or services including or related to PostgreSQL". Fundación PostgreSQL “allows them to be used freely, under all provisions of goods and services covered by the respective Nice classifications, under the registered designations, provided that its use constitutes a fair use aligned with the Goals of the Foundation as specified in its Statutes". To avoid any doubt, see Article 3 of the Statutes. In simple words: as long as the trademark is used for the benefit of the PostgreSQL Project and Community, they can be used freely; no restrictions attached.

This greatly contrasts with the recent update to PAC’s own trademark policy, which states among other limitations that “if you want to use our marks (or some variant of them) in your company name, product name or domain name, you must obtain prior approval. […] Please note, however, that we will approve uses in our sole discretion". Which raises the following questions:

  • What happens with the companies that already registered trademarks with the “PostgreSQL” or “Postgres” names, without any prior approval? Are they in an advantaged position over the ones that want to do it now?
  • Apparently, there are no written rules on how such names are approved, given that it is approved “at their sole discretion". Is this transparent and democratic? Who are PAC members (other than the Board), is it an open member association? What are their Statutes? (they are not public on their website). Is it actually a Community NonProfit, which according to their own definition, requires open membership; or it isn’t?
  • Why does PAC’s trademark policy not clearly state to which regions and classes do their registered trademarks apply? In particular, why does PAC’s policy include references to PostgreSQL events, which belong to Class 41, a class that is registered by PEU, a separate legal entity? (It is not consolidation; as PEU has its own trademark policy page, with a different policy).
  • Are all these restrictions the best option, or is the more permissive and restriction-free approach taken by trademarks registered by Fundación PostgreSQL a better approach?

The Core Team, and the PAC and PEU, are launching an unprecedented attack against its own Community, and revealing how they act. As the least transparent, more opaque and least equitable governing board of any open source community known. The Core Team should resign and call for open elections for a new Core Team. A new Core Team with the goals of setting up new, modern, transparent, open governing boards for the Postgres Project. With an inclusive Community where all stakeholders can be part of. And where no attacks would be permitted. The often cited question “Postgres will live forever?” is now at stakes. Let’s make sure it will really remain true forever.