Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")


Thank you very much for your quick answer and suggestions.

My goal is not only to standardize the legal text of our FOSS clauses. It is also to
1) raise awareness about being able to provide the list of FOSS in a proprietary product or in a big FOSS distribution (Linux, Open BSD, Eclipse, Swing, ...)
2) Big companies are reluctant to provide you a FOSS list. They are more or less in compliance but some of them provide you a URL on their web site on which you find the list of their products and for each of them a several megabyte ASCII File with the list of all licenses of FOSS on their products. That's not usable at all. If one of their customer want to resale their product in one of its products it has to read everything and identify every action to comply "Ha yes this is apache1.1 so I have to put some acknowledgement in my documentation!".
3) Liability clause/money damage. Big companies are not always accepting it. I have been told by some of their lawyers: how can we guarantee that we are not doing mistakes this is a too complex world. If you take a Linux distribution with 6000 package and you look at packages, you can find hundreds of various licenses in one package. Small companies accept more easily these conditions, but they have not too much money. How do you value the fact that you have to stop to distribute your product or the potential issue to have to disclose your source code while it was not planned and it is not your fault.
4) .... a lot of other issues

I would challenge the SPDX members to take a Linux standard distribution and to provide me the SPDX file at file level (not at package level). Yes open source is great but it is also really a Bazard 8-) and with maven and cloud computing it will become worse.

So the effort is tremendous and cannot be done by one company, it should be shared. And it is time to start.

So I will study the short terms options you propose. But for the long term, I would to start to create a new mailing list of people who are intereted in discussing FOSS governance standardization issues (to start: FOSS clause in contracts, having a common Database under a king of Wikipedia contribution system describing FOSS IP, having public tutorial on FOSS issues, and perhaps things like lobbying to reduce the number of FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to create the mailing list?

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")


I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).

However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.

In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.

So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....

RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.
... as others have suggested, FOSS Bazaar might be a good place.

I have join the FSFE legal network and I tried to get a reaction
without success except "that's interesting"
It sounds like in addition to my objections to ftf-legal, that there
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the

Any suggestion of organization that would have a look?
There was once a forum called "open-bar", which is at: but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar

Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.

Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to

Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.

Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
-- bkuhn

Join { to automatically receive all group messages.