Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")


First I Would like enlighten that when I speak on the SPDX or FSFE mailing list I speak for the Alcatel-Lucent company; I check before with our FOSS executive committee that I can say things (in most of the cases 8-). But I am not a lawyer and I know this might be tricky discussions in term of company and what you have said. So What I say is not officially the Company stamped decision in term of legal (except if stamped) but it is the rough direction of the company, However it reflects the company policy. Barry Freedman is the official guy to accept or not what I am saying. I guess it is important to notice this.

So Barry and myself are more or less co-directing the Alcatel-lucent internal Executive committee since 2007. He is the lawyer, I am the technical guy with a bit of paralegal training (we have 8 or 10 other members in this committee).

So today our points are the following

1) SPDX standard. After discussing with Marc-Etienne who is trying to align our FOSS DB on the SPDX standard we will have to add SHA-1 checksums to our DB. Since we have not that we will look to partners to provide us the data. But in any case we will not have them for all/old entries, so the SPDX standard needs to cope with this kind of situation.

1 bis) what modification we need to do to SDPX standard when we are not able to provide it and to be able to export information.

1 ter) we have issue with the licensing issues of data when coming from SPDX standard: data are public domain with some restriction, but it is not clear

2)Alcatel-Lucent FOSS clauses in suppliers contracts. What group I should contact for standardization of these clauses?

3) Alcatel-lucent is willing to "open source" its FOSS DB Who is interested and how to make this things works

4) Alcatel-Lucent has a lot of tutorials on open source; It is a tremendous work to maintain them, they have been registered on webinar, we are now thinking to update everything and to translate them in foreign languages such as Chinese. Perhaps we can share this effort

Should we create a FOSS governance task force? If SPDX is not the good place, If SFSE legal network is not the good place, tell me where!

Alcatel-lucent is committed to respect the open source licences philosophies (not only the legal part of it) but we need help because this is far to be clear.

That's my Friday evening email, Please think about this, we need to put our forces together.

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")


I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).

However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.

In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.

So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....

RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.
... as others have suggested, FOSS Bazaar might be a good place.

I have join the FSFE legal network and I tried to get a reaction
without success except "that's interesting"
It sounds like in addition to my objections to ftf-legal, that there
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the

Any suggestion of organization that would have a look?
There was once a forum called "open-bar", which is at: but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar

Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.

Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to

Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.

Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
-- bkuhn

Join { to automatically receive all group messages.