Re: New OSI-approved licenses


J Lovejoy
 

Having more of a think on this - It may be more appropriate for Rob to talk to the “Free Public License” folks.
Rob - your thoughts?

Cheers,
Jilayne



On Tue, Dec 08, 2015 at 06:56:09AM -0500, Richard Fontana wrote:
Hi Jilayne,

No but that was my thought as well after reading Rob's response. I
will check.

Thanks,
Richard


On Tue, Dec 08, 2015 at 08:16:15AM +0000, J Lovejoy wrote:
Richard,

Has anyone from OSI gone back to the folks who submitted the “Free Public License” and ask if they mind or care if the name that Rob prefers is used instead of the one they suggested? Seems like that could potentially be an easy solution.

Jilayne

SPDX Legal Team co-lead
opensource@...


On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:
On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.
"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.
So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.
By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.
Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large
company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,
I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.
Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,
If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.
Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License
1.0.0”
(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.
Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob
_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal


SPDX Legal Team co-lead
opensource@...

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.