Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")

Philip Odence

Your idea about standard FOSS clauses might fit into the charter of the
Linux Foundation Open Compliance Program. (To head off the
question, the program is for open source compliance in general, not
limited to Linux.)
I am cc'ing Ibrahim who coordinates that for the LF with hopes that he
will weigh in. (I believe, he's out of the office this week, so he may not
respond immediately.)

On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)"
<michel.ruffin@...> wrote:

Thank you very much for your quick answer and suggestions.

My goal is not only to standardize the legal text of our FOSS clauses. It
is also to
1) raise awareness about being able to provide the list of FOSS in a
proprietary product or in a big FOSS distribution (Linux, Open BSD,
Eclipse, Swing, ...)
2) Big companies are reluctant to provide you a FOSS list. They are more
or less in compliance but some of them provide you a URL on their web
site on which you find the list of their products and for each of them a
several megabyte ASCII File with the list of all licenses of FOSS on
their products. That's not usable at all. If one of their customer want
to resale their product in one of its products it has to read everything
and identify every action to comply "Ha yes this is apache1.1 so I have
to put some acknowledgement in my documentation!".
3) Liability clause/money damage. Big companies are not always accepting
it. I have been told by some of their lawyers: how can we guarantee that
we are not doing mistakes this is a too complex world. If you take a
Linux distribution with 6000 package and you look at packages, you can
find hundreds of various licenses in one package. Small companies accept
more easily these conditions, but they have not too much money. How do
you value the fact that you have to stop to distribute your product or
the potential issue to have to disclose your source code while it was not
planned and it is not your fault.
4) .... a lot of other issues

I would challenge the SPDX members to take a Linux standard distribution
and to provide me the SPDX file at file level (not at package level). Yes
open source is great but it is also really a Bazard 8-) and with maven
and cloud computing it will become worse.

So the effort is tremendous and cannot be done by one company, it should
be shared. And it is time to start.

So I will study the short terms options you propose. But for the long
term, I would to start to create a new mailing list of people who are
intereted in discussing FOSS governance standardization issues (to start:
FOSS clause in contracts, having a common Database under a king of
Wikipedia contribution system describing FOSS IP, having public tutorial
on FOSS issues, and perhaps things like lobbying to reduce the number of
FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to
create the mailing list?

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re:
Clarification regarding "FSF legal network")


I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).

However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.

In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.

So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....

RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.
... as others have suggested, FOSS Bazaar might be a good place.

I have join the FSFE legal network and I tried to get a reaction
without success except "that's interesting"
It sounds like in addition to my objections to ftf-legal, that there
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the

Any suggestion of organization that would have a look?
There was once a forum called "open-bar", which is at: but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar

Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.

Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to

Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.

Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
-- bkuhn
Spdx mailing list

Join { to automatically receive all group messages.