Did this ever get resolved?

On 11/17/2015 12:51 AM, Richard Fontana wrote:

On Tue, Nov 17, 2015 at 01:32:44AM -0500, Richard Fontana wrote:

2) Free Public License 1.0.0
Text of approved license contained within:

https://lists.opensource.org/pipermail/license-review/2015-August/001104.html

We have added as of v2.2 - http://spdx.org/licenses/0BSD.html -

although it was submitted using a different name as suggested by the
submitter (who I think said he authored the license… or at least seemed
to know a lot about it’s origins and the suggested name, which we went
with - see
http://lists.spdx.org/pipermail/spdx-legal/2015-June/001443.html for
that thread).

Would the OSI oppose the name we already went with??

Hmm, I think this is really a case of two people independently
inventing approximately the same thing at about the same time,

Given the timeline, it's more likely they copied the license from Android.

March 2013:

I start using this license:
http://lists.landley.net/pipermail/toybox-landley.net/2013-March/000794.html

November 2014:

Android merges toybox to replace toolbox:
https://code.google.com/p/android/issues/detail?id=76861#c11

January 2015:

Linux Weekly News covers toybox's addition to Android:
https://lwn.net/Articles/629362/

May 2015:

Android-M preview containing toybox distributed to developers:
https://en.wikipedia.org/wiki/Android_Marshmallow

June 2015:

Either Samsung or Sony (I forget which) asks me to submit the the toybox
license to SPDX to simplify their internal paperwork:
http://lists.spdx.org/pipermail/spdx-legal/2015-June/001443.html

August 30, 2015:

These guys submit the license to OSI.
https://lists.opensource.org/pipermail/license-review/2015-August/001104.html

I didn't submit my public domain equivalent license to OSI because their
lawyer wrote an article literally comparing public domain software to
abandoning trash by the side of a highway
(http://www.linuxjournal.com/article/6225 paragraph 5), and if you
google for "Linux Public Domain" it's still the second hit.

where
'invention' means removing some language from an existing short
license.

Yes, it is a minor variant of an existing BSD license.

Specifically, the OpenBSD template license
(http://www.openbsd.org/policy.html links to
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD)
which is why I felt justified in calling it a BSD license.

There were already "2 clause", "3 clause", and "4 clause" BSD licenses
commonly referred to, "zero clause" to mean public domain didn't seem
like a stretch (and is also what the Creative Commons guys chose with
CC0). It also makes it easy for corporate legal departments that have
approved existing BSD licenses to rubber-stamp another.

I chose this name for a reason. In the "copyleft vs bsd" axis, this is
more BSD than BSD. "Free" is the Free Software Foundation's rallying cry
(and the reason OSI had to come up with "Open Source" to counter "Free
Software"). Sticking the word "Free" on a public domain equivalent
license (as far from copyleft as you can get) is either intentionally
confusing or deeply clueless.

Part of my attraction to public domain licensing is trying to counteract
the damage GPLv3 did to the community at large when it fragmented
copyleft into incompatible factions. There's no such thing as "The GPL"
anymore, Linux and Samba implement two ends of the same protocol, are
both GPL, and neither can use the other's code. Copyleft is now a
significant _barrier_ to code reuse within copylefted projects.

The result seems to be a generation of programmers who are lumping
software copyrights in with software patents as "too dumb to live", and
taking a napster-style civil disobedience approach, opting out of
licensing their code at ALL until the whole corrupt intellectual
property edifice collapses under its own weight. "No License Specified"
continues to be the most common license on github _after_ its CEO made a
big push to standardize on MIT licensing as a default. The percentage
has gone _up_ in the past year:

https://speakerdeck.com/benbalter/open-source-licensing-by-the-numbers?slide=41

If I just wanted a public domain license I could have grabbed creative
commons zero (or the libtomcrypt license or unlicense.org or...) but I
wanted the strategic advantage of the name "Zero Clause BSD" because the
ability to say "we're more BSD than BSD" is an easy sell that
short-circuits a lot of explanation.

Attaching the Free Software Foundation's codeword "Free" to a
non-copyleft license is... odd. Saying "when we use the word 'Free' we
mean something different than when the Free Software Foundation uses the
word 'Free'" is not an argument I want to make, especially not to people
who have developed an _aversion_ to copyleft.

Looks like Rob Landley was using it a year or more earlier:
https://lwn.net/Articles/608082/

According to http://landley.net/hg/toybox/rev/264b9da809df since March
14, 2013, so 2 and a half years earlier than August 30 of this year.

Checking my old email, I noticed 0BSD marked approved for 2.2 in your
public spreadsheet July 19, 2015, so you'd already approved it a month
and a half before the other guy submitted it to OSI.

I'm guessing what happened here is that Android's "about->licenses"
thing gives license text but not license names, so they made one up.

Rob

On Dec 5, 2015, at 12:36 PM, Richard Fontana <fontana@...> wrote:

On Sat, Dec 05, 2015 at 12:57:43AM -0600, Rob Landley wrote:

As far as I can tell, OSI continues to be unaware that unlicense.org or
creative commons zero even exist.

The OSI is aware of them. There's actually been interest for some time
in getting OSI approval of a license (or license-like instrument) in
this category, what I've recently been calling 'ultrapermissive'. CC0
was actually submitted by Creative Commons for OSI approval a few
years ago. The submission was withdrawn because of controversy over
clause 4a in CC0 ("No ... patent rights held by Affirmer are waived,
abandoned, surrendered, licensed or otherwise affected by this
document."). The Unlicense hasn't been submitted for approval.

I have now modified http://opensource.org/licenses/alphabetical to
include Zero Clause BSD License (0BSD) with a cross reference to the
Free Public License, and I have also added the following prefatory
text to http://opensource.org/licenses/FPL-1.0.0:
"Note: There is a license that is identical to the Free Public License
1.0.0 called the Zero Clause BSD License. Apart from the name, the
only difference is that the Zero Clause BSD License has generally been
used with a copyright notice, while the Free Public License has
generally been used without a copyright notice."

Hopefully that will remove whatever possibility there was of anyone
thinking the Zero Clause BSD License (for those who choose to call it
that) is not now OSI-approved by virtue of the approval of the Free
Public License.

However I still recommend that the SPDX group come up with a short
identifier for the Free Public License that is different from "0BSD";
I'm going to pretend that it would be "FPL-1.0.0".

Richard

On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:

On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.

"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.

So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.

By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.

Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large

company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,

I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.

Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,

If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.

Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License

1.0.0”

(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.

Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob

Richard,

Has anyone from OSI gone back to the folks who submitted the “Free Public License” and ask if they mind or care if the name that Rob prefers is used instead of the one they suggested? Seems like that could potentially be an easy solution.

Jilayne

SPDX Legal Team co-lead
opensource@...

On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:

On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.

"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.

So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.

By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.

Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large

company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,

I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.

Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,

If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.

Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License

1.0.0”

(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.

Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob

Hi Jilayne,

No but that was my thought as well after reading Rob's response. I
will check.

Thanks,
Richard


On Tue, Dec 08, 2015 at 08:16:15AM +0000, J Lovejoy wrote:

Richard,

Has anyone from OSI gone back to the folks who submitted the “Free Public License” and ask if they mind or care if the name that Rob prefers is used instead of the one they suggested? Seems like that could potentially be an easy solution.

Jilayne

SPDX Legal Team co-lead
opensource@...

On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:

On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.

"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.

So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.

By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.

Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large

company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,

I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.

Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,

If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.

Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License

1.0.0”

(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.

Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob

On Dec 8, 2015, at 12:01 PM, Richard Fontana <fontana@...> wrote:

(Forwarding this to spdx-legal.)

On Tue, Dec 08, 2015 at 06:56:09AM -0500, Richard Fontana wrote:

Hi Jilayne,

No but that was my thought as well after reading Rob's response. I
will check.

Thanks,
Richard


On Tue, Dec 08, 2015 at 08:16:15AM +0000, J Lovejoy wrote:

Richard,

Has anyone from OSI gone back to the folks who submitted the “Free Public License” and ask if they mind or care if the name that Rob prefers is used instead of the one they suggested? Seems like that could potentially be an easy solution.

Jilayne

SPDX Legal Team co-lead
opensource@...

On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:

On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.

"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.

So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.

By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.

Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large

company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,

I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.

Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,

If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.

Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License

1.0.0”

(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.

Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob

_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal

Having more of a think on this - It may be more appropriate for Rob to talk to the “Free Public License” folks.
Rob - your thoughts?

Cheers,
Jilayne

On Tue, Dec 08, 2015 at 06:56:09AM -0500, Richard Fontana wrote:

Hi Jilayne,

No but that was my thought as well after reading Rob's response. I
will check.

Thanks,
Richard


On Tue, Dec 08, 2015 at 08:16:15AM +0000, J Lovejoy wrote:

Richard,

Has anyone from OSI gone back to the folks who submitted the “Free Public License” and ask if they mind or care if the name that Rob prefers is used instead of the one they suggested? Seems like that could potentially be an easy solution.

Jilayne

SPDX Legal Team co-lead
opensource@...

On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:

On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.

"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.

So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.

By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.

Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large

company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,

I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.

Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,

If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.

Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License

1.0.0”

(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.

Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob

_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal

SPDX Legal Team co-lead
opensource@...

Having more of a think on this - It may be more appropriate for Rob to talk to the “Free Public License” folks.
Rob - your thoughts?

Cheers,
Jilayne

On Tue, Dec 08, 2015 at 06:56:09AM -0500, Richard Fontana wrote:

Hi Jilayne,

No but that was my thought as well after reading Rob's response. I
will check.

Thanks,
Richard


On Tue, Dec 08, 2015 at 08:16:15AM +0000, J Lovejoy wrote:

Richard,

Has anyone from OSI gone back to the folks who submitted the “Free Public License” and ask if they mind or care if the name that Rob prefers is used instead of the one they suggested? Seems like that could potentially be an easy solution.

Jilayne

SPDX Legal Team co-lead
opensource@...

On Dec 8, 2015, at 6:17 AM, Rob Landley <rob@...> wrote:

The tl;dr of this whole email is "I humbly ask SPDX to retain both its
original long and short names for zero clause BSD as the only SDPX
approved name for this license".

On 12/07/2015 01:56 PM, Richard Fontana wrote:

On Mon, Dec 07, 2015 at 07:30:18PM +0000, J Lovejoy wrote:
3) While I have no inherent problem with the name 'Zero Clause BSD
License', it does bother me that the name has 'BSD' in it but the
license text is not clearly descended from the BSD license family.

"I have no problem, and here it is..."

In this sense both the name and the identifier are flawed. There is no
parallelism between the Zero Clause BSD License and the well-known
3-clause and 2-clause BSD licenses. I would probably not be objecting
to the identifier if it were '0ISC' rather than '0BSD' because the
Zero Clause BSD License is a stripped-down ISC license, not a
stripped-down BSD license.

So you still haven't looked back at the SPDX approval process for zero
clause BSD and noticed they raised that objection then, and got an answer?

http://lists.spdx.org/pipermail/spdx-legal/2015-June/001457.html

If the association between this license and ISC was important, why
didn't OSI's name for it mention ISC instead of making up a new name?

This is not the only public domain license derived from BSD licenses in
the wild. Here's one that did it by cutting down (I think, they don't
bother to specify) FreeBSD's license:

http://openwall.info/wiki/john/licensing

And that page links to another project using a variant that cut it down
a different way (also removing the virality but keeping the disclaimer).
Lots of people have done this lots of ways over the years.

And yet despite the many possible starting and ending points to strip
licenses down to public domain variants, OSI approved _exactly_ the same
text I chose. Which wasn't even submitted to OSI until a month after
SPDX published their decision to approve it, a year after Android merged
it, and two and a half years after I'd publicly started using it on a
project that Linux Weekly News has covered multiple times.

Not noticing _me_ is understandable, although it's not like I was being
quiet about it (unless you consider giving licensing talks ala
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
and http://2014.texaslinuxfest.org/content/rise-and-fall-copyleft.html
and such to be "quiet").

I could even understand not noticing what Android was doing, although
the rest of the industry seems to be paying attention. (The android
command line is not a peripheral part of android, I got invited to Linux
Plumber's to talk about this a couple months back,
https://linuxplumbersconf.org/2015/ocw/proposals/2871 and yes I went
over the licensing aspect at length in that talk and oh look,
https://lwn.net/Articles/657139/ not only covers my talk by they linked
to my license page, using my license's name as the link text. September
14 is 2 weeks after the submission OSI acted upon, so presumably right
during OSI's analysis period?)

OSI failing to notice any of that doesn't surprise me. But OSI didn't
notice what _SPDX_ was doing, despite claiming to want to use SPDX
identifiers and thus having pretty much a DUTY to keep up there, and is
now asking SPDX to change to accommodate the results.

That's the part I don't get.

P.S. The JTR "BSD-like" license above recently came back to my attention
because although it was initially introduced just for new code (in an
otherwise GPLv2 project), a few days ago they started a concerted effort
to clean out their existing codebase so it can all go under this public
domain "BSD" license:

http://www.openwall.com/lists/john-users/2015/12/04/2

I.E. This GPL->PD trend is ongoing, and likely to continue for the
foreseeable future. That's why it's been a big enough issue for me to
keep talking about it at conferences for almost three years now.

I seem to be unusually careful in how I handle licensing for an open
source developer, but people who _haven't_ been a plaintiff in multiple
GPL enforcement suits and who weren't hired as a consultant by IBM's
lawyers to help defend against the SCO lawsuit and _don't_ respond to
people like Bruce Perens with https://busybox.net/~landley/forensics.txt
are generally doing this stuff in a much more ad-hoc way that
intentionally keeps lawyers as far away as possible. So legal groups may
not be promptly hearing directly about it from them, but the return to
public domain licensing isn't exactly a new issue out in the community.

4) Since I am coming at this from a viewpoint that is biased in favor
of the name of the license as submitted to the OSI, I can only object
to the idea that OSI should be expected to apply the identifier '0BSD'
to a license called the Free Public License 1.0.0.

By the time this license was submitted to OSI, SPDX had already
published its decision to approve it under the original BSD Zero Clause
name a month and change earlier, Android had merged it the previous
year, and I'd been publicly using it for 2 and 1/2 years in a project
covered on multiple occasions by Linux Weekly news.

Suggesting that SPDX amend an established decision predating the
_submission_ OSI acted upon (let alone OSI's approval process), entirely
because OSI did not do its homework, is not a comforting precedent.

Until this all instances of this particular license being cut down in
this particular way that I was aware of traced back to my doing so.
Other people have cut down plenty of other licenses in other ways for
this purpose, there are lots of starting and stopping points for a
"public domain license". I was trying to come up with one that corporate
legal departments could standardize on and that github could offer in
its dropdown, and felt the OpenBSD license text best served my purpose
there. I also emphasized that it was an existing license with half a
sentence removed as part of this sales pitch.

Perhaps the wording and the timing of OSI's submission, with
approximately the same sales pitch as I gave in my talks and wrote up on
my website, are just coincidences. I don't care about plagiarism or
attribution here. What I am annoyed by is that SPDX's approval of the
license I've been using for years under the name I've been using for
years is now _retroactively_ threatened by OSI's actions. SPDX refusing
to approve it would have been their right. (And given they already have
https://spdx.org/licenses/Unlicense.html and
https://spdx.org/licenses/CC0-1.0.html would even have been understandable.)

OSI coming along after the fact and going "oh, we renamed a license that
already exists, didn't even start the process until well after your
decision was published, so clearly YOU should change" is just disturbing.

5) For some time there's been some desire on the part of the OSI to
make use of the SPDX identifiers, and you can see evidence of this on
the OSI website. But I think with the Free Public License 1.0.0 and
also the recently-approved eCos License version 2.0 this policy has
reached a breaking point. In the case of eCos we can't seriously be
expected to entertain use of a short identifier that is longer than
the name of the license.

Great, eCos already broke your policy, moot point then. You can stop
expecting 100% correspondence on every license now and just use the ones
you find convenient. Glad we could resolve this.

(You're the one who brought it up...?)

We endeavor not to change the short identifiers unless there is an
extremely compelling reason and users of the SPDX License List (of
which there are many) rely on us to not make such changes unnecessarily.
I’m not sure I see the compelling reason here, especially when, as
Rob has now told us, part of the reason he submitted the license
to be on the SPDX License List was as per the request of a large

company using the SPDX short identifiers.

I'm not suggesting that the identifier be changed,

I also would like to avoid the SPDX identifier(s) changing.

but rather that two identifiers be adopted, each being considered
equally official in an SPDX sense.

Oh please no.

First, two names for the same thing blunts the marketing pitch. Second,
the venn diagram of "programmers who want something with Free in the
name" and "programmers who want to get as far away from copyleft as
possible" is basically two discrete circles. Attaching part of the Free
Software Foundation's name on this license would be detrimental to what
I'm trying to accomplish (increasing acceptance of public domain
licensing and migrating github users off of "no license specified").

Ultimately, the issue isn't too important,

If it doesn't affect what SPDX does, I agree.

but I simply can't bring
myself to use "0BSD" on the OSI website in the manner in which other
SPDX short identifiers have now been used.

Then... don't use it?

OSI failed to notice that SPDX had already approved a nearly identical
license a month and change before OSI even received its submission. I
noticed the approval over a month before your license's submission date
by checking SPDX's public spreadsheet of upcoming license approvals.

That OSI did _not_ do this, despite OSI's desire to use SPDX
identifiers, was a failure on OSI's part. You've brought up eCos to
indicate that this is not a unique failure.

I don't see how resolving the resulting conflict is SPDX's problem?

We do have some flexibility with the full name, which would be reasonably
to change to something like, "BSD Zero Clause / Free Public License

1.0.0”

(clunky, perhaps) and then also add a note as Richard did explaining the
similarity-yet-name-variation-possibility.

Richard Stallman has spent well over a decade attempting to associate
"free software" with copyleft. If you google for "free public software"
the first hit is http://www.gnu.org/philosophy/categories.en.html (and
if you add "license" the first hit is the FSF's GPLv3 page). This is not
a neutral term when discussing licenses.

I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)

But I doubt it will come up if SPDX leaves the existing names in place.
I was asked to submit this license to SPDX because people care about
that. Nobody ever asked me to submit it to OSI.

Rob

_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal

SPDX Legal Team co-lead
opensource@...